{"title":"A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis.","authors":"Mahendra Pratap Singh, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri","doi":"10.1007/s10796-021-10167-z","DOIUrl":null,"url":null,"abstract":"<p><p>Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the <i>μ</i>z tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. 
A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.</p>","PeriodicalId":13610,"journal":{"name":"Information Systems Frontiers","volume":" ","pages":"2255-2272"},"PeriodicalIF":6.9000,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11981199/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Frontiers","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10796-021-10167-z","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2021/7/21 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 0
Abstract
Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μz tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.
About the journal:
The interdisciplinary interfaces of Information Systems (IS) are fast emerging as defining areas of research and development in IS. These developments are largely due to the transformation of Information Technology (IT) towards networked worlds and its effects on global communications and economies. While these developments are shaping the way information is used in all forms of human enterprise, they are also setting the tone and pace of information systems of the future. The major advances in IT such as client/server systems, the Internet and the desktop/multimedia computing revolution, for example, have led to numerous important vistas of research and development with considerable practical impact and academic significance. While the industry seeks to develop high performance IS/IT solutions to a variety of contemporary information support needs, academia looks to extend the reach of IS technology into new application domains. Information Systems Frontiers (ISF) aims to provide a common forum of dissemination of frontline industrial developments of substantial academic value and pioneering academic research of significant practical impact.